feat: add hosted install [ci skip]
This commit is contained in:
93
hosted/config/sites-enabled/dynamic-clients
Normal file
93
hosted/config/sites-enabled/dynamic-clients
Normal file
@@ -0,0 +1,93 @@
|
||||
# -*- text -*-
|
||||
######################################################################
|
||||
#
|
||||
# Sample configuration file for dynamically updating the list
|
||||
# of RADIUS clients at run time.
|
||||
#
|
||||
# Everything is keyed off of a client "network". (e.g. 192.0.2/24)
|
||||
# This configuration lets the server know that clients within
|
||||
# that network are defined dynamically.
|
||||
#
|
||||
# When the server receives a packet from an unknown IP address
|
||||
# within that network, it tries to find a dynamic definition
|
||||
# for that client. If the definition is found, the IP address
|
||||
# (and other configuration) is added to the server's internal
|
||||
# cache of "known clients", with a configurable lifetime.
|
||||
#
|
||||
# Further packets from that IP address result in the client
|
||||
# definition being found in the cache. Once the lifetime is
|
||||
# reached, the client definition is deleted, and any new requests
|
||||
# from that client are looked up as above.
|
||||
#
|
||||
# If the dynamic definition is not found, then the request is
|
||||
# treated as if it came from an unknown client. i.e. It is
|
||||
# silently discarded.
|
||||
#
|
||||
# As part of protection from Denial of Service (DoS) attacks,
|
||||
# the server will add only one new client per second. This CANNOT
|
||||
# be changed, and is NOT configurable.
|
||||
#
|
||||
# $Id: 0459a7f4b1dc824b1684e9d220a0410c69b3248a $
|
||||
#
|
||||
######################################################################
|
||||
|
||||
|
||||
|
||||
#
|
||||
# This is the virtual server referenced above by "dynamic_clients".
|
||||
server dynamic_clients {
|
||||
|
||||
#
|
||||
# The only contents of the virtual server is the "authorize" section.
|
||||
authorize {
|
||||
|
||||
#
|
||||
# Put any modules you want here. SQL, LDAP, "exec",
|
||||
# Perl, etc. The only requirements is that the
|
||||
# attributes MUST go into the control item list.
|
||||
#
|
||||
# The request that is processed through this section
|
||||
# is EMPTY. There are NO attributes. The request is fake,
|
||||
# and is NOT the packet that triggered the lookup of
|
||||
# the dynamic client.
|
||||
#
|
||||
# The ONLY piece of useful information is either
|
||||
#
|
||||
# Packet-Src-IP-Address (IPv4 clients)
|
||||
# Packet-Src-IPv6-Address (IPv6 clients)
|
||||
#
|
||||
# The attributes used to define a dynamic client mirror
|
||||
# the configuration items in the "client" structure.
|
||||
#
|
||||
|
||||
#
|
||||
# Example 1: Hard-code a client IP. This example is
|
||||
# useless, but it documents the attributes
|
||||
# you need.
|
||||
#
|
||||
if ("%{raw:NAS-Identifier}") {
|
||||
if ("%{sql: select count(*) from nas where shortname='%{raw:NAS-Identifier}'}" == 1) {
|
||||
update control {
|
||||
&FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
|
||||
&FreeRADIUS-Client-Require-MA = no
|
||||
&FreeRADIUS-Client-Secret = "%{sql: select nas.secret from nas where shortname='%{raw:NAS-Identifier}'}"
|
||||
&FreeRADIUS-Client-Shortname = "%{sql: select shortname from nas where shortname='%{raw:NAS-Identifier}'}"
|
||||
&FreeRADIUS-Client-NAS-Type = "other"
|
||||
}
|
||||
ok
|
||||
}
|
||||
else {
|
||||
rest
|
||||
}
|
||||
} else {
|
||||
reject
|
||||
}
|
||||
|
||||
#
|
||||
# Tell the caller that the client was defined properly.
|
||||
#
|
||||
# If the authorize section does NOT return "ok", then
|
||||
# the new client is ignored.
|
||||
ok
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user